Notice and Consent Receipts - v1.2 Editorial

Overview

For an Individual, consent facilitates consensus: it provides a common interaction framework that reduces social friction. Consent directs human interaction to traverse context through specific engagements with another entity. For humans, consent is interoperability.

Face-to-face consent is observable. With digital services managed through digital identifiers, however, the governance framework assumed in a physical notice and consent interaction between people has no common, standardised representation in a digital interaction, which makes the digital governance non-transparent.

A Notice for the use of personal data is itself a record that specifies the framework for consent, or consensus, which consists of the permissions and preferences for the protection and control of personal data. A Notice receipt is a digital record of the Notice (or physical sign); to be a legally compliant record, it MUST contain the information required to interact with the governance framework and identity authority the Notice represents, in accordance with privacy legislation.

A Notice is used to signal the state of digital governance that the notice represents in a specific context. A Notice receipt, in place of a physical acknowledgment, is used to complete a proof of awareness, which is legally required for informed explicit consent in both physical and digitally intermediated physical interaction.

Likewise, a Consent Notice Receipt is a human-centric record of an explicit consent that is provided and managed by the individual to capture a distinct interaction. This consent record captures the governance framework (a mutual policy state) for personal data processing. The consent receipt is proof of the explicit consent interaction and is itself a notice, providing proof of awareness.

A Notification is provided once an explicit Notice and/or Consent is recorded, and is used to maintain awareness of the purpose of use and the relationship state (active policy) throughout the lifecycle governed by the initial notice.

The term consent is further defined by the Notice, Notification and Consent lifecycle as an active state of consensus, or consent (Note: clarifying consent in the GDPR), which is specified by the initiating Notice and by the basis for the notice and consensus policy, as a component of the Notice. As such, explicit consent is not a technology in this framework but a human control point for engagement and interoperability that is legally defined in regulations. It is provided, and inherently owned, by the individual; the quality of the explicit consent depends on how informed the individual is, and it is not legally possible, in all regulated jurisdictions, without a Notice that includes: the identity of the controller, a contact point, the purpose of use prior to the capture of identifiers, and the legal justifications for identity management.

In the absence of explicit consent, a Notice can itself be used to present the legal justification and authority for the use of digital identity management for personal data processing and for the use of privacy rights. This authority, utilising the ISO 29184 consent record standard, is used to manage and control personal data portability with standardised, global privacy controls. 

The provision of a notice receipt, for any legal justification, decentralises the notice and distributes the record of processing, so that people can own their own consent record and control their own data authorisation and privacy controls autonomously from the data controller or processor.

This input to the ISO study period defines the requirements for provisioning of a legally compliant, digital Notice receipt to govern the consent lifecycle for data processing with standardised interoperable privacy controls.

Records and receipts can be represented as standard JSON and are provided at the point of initial engagement in a secure format that provides non-repudiation.

Receipt Type profiles are used to stack and link verified claims to a semantic legal framework that can be bound to digital and physical data processing, while a notice ‘receipt type’ is used to maintain a shared state of understanding of consent (or data governance), for the exercise of privacy-defined rights, and for the controller or operator of data processing operations, to mitigate data processing risk for the Individual.

  1. Scope

This document updates all previous versions and specifies the elements for generating a normative operational privacy notice and consent notice receipts.

The scope of this Notice & Consent receipt specification is as outlined in the OECD Guidelines on the Protection of Privacy and the Transborder Flows of Personal Data, with the objective:

“to prevent what are considered to be violations of fundamental human rights, such as the unlawful storage of personal data, the storage of inaccurate personal data, or the abuse or unauthorised disclosure of such data” [OECD 2000:2013]

Much like a transaction receipt providing transparency over the transfer of money, standardised notice and consent provides transparency over data processing and the extent of identifier surveillance, addressing the most complex data governance challenges.

The notice content and structure controls in ISO/IEC 29184, Online privacy notices and consent, published 6 June 2020, are used to further define the application of the ISO/IEC 29100 terms and definitions used in the Kantara Initiative MV(CR) V1.1 specification, providing a standard digital layer of semantics for enhanced data control transparency and reducing reliance on policies and on people having to read terms and conditions in order to obtain the privacy they expect.


Updates MVCR v0.7 to CR V1.2 

  1. Updating the MVCR v0.7 Appendices for the CR V1.1 and subsequent 27560

    1. Personal Data Categories Appendix 

    2. Purpose Specification - Updated to a Purpose specification with the use of the W3C Data Privacy Vocabulary (v0.01)

  2. Updates on the undefined fields

    1. Delegation (Replacing on-Behalf)  

    2. Consent type 

    3. Termination 

    4. Storage retention/Location

  3. Providing a Supplemental Annex 

    1. Consent type to legal justification mapping table

      1. instructions on use of consent types 

    2. ISO/IEC - 29184 Notice/Consent Control Catalogue 

    3. Open Data Schema

    4. Information Structure Interoperability

In the absence of dedicated measures, neither Individuals nor organizations can see, understand and track the processing of personal data. The surveillance and processing of personal data is invisible and disconnected from context and people, because terminology for data control and a common digital format are not often defined in the way people expect.

Individuals are regularly presented with a notice and asked for explicit consent for the delivery of digital services in which human factors are not considered and the organisation controls the consent record and, therefore, access to privacy rights.

The transition from analogue to digital service delivery has reduced the quality of human-usable consent. The analogue policies for consent and notice online are disintermediated from the data processing and from the person. To increase the quality of explicit consent mechanisms, an operational privacy notice is used to provide an active privacy state and to generate a receipt for the use of privacy controls that the individual can manage independently.

For example, people are unable to see how much money is actually taken from their debit cards at a corner store unless a receipt is provided for this invisible processing in context. Without the transaction receipt, people are exposed to a greater risk of theft without recourse.

A Consent Notice Receipt is used in a similar way, but rather than capturing a financial exchange, it captures the notice state for the consent and the purpose of the personal data processing interaction, and provides transparency over personal data access. This data privacy information point is a data overlay that enhances the notice or notification to provide a consent notice receipt, and includes: the context (such as the time and date), a link to the consent notice, its purpose, and the digital identifiers of all the parties involved in processing, accessing, sharing and disclosure of personal data.

When shopping in a store, the act of providing a receipt is enough to govern all the parties, as transparency decentralises (co-regulates) those interactions. People do not often use receipts, and they are constantly declined; this is because the act of offering is enough to ease the friction created when strong transparency is not provided over a financial transaction in the transaction context.

A receipt is a record that a compliant notice for the use of identifiers, the contact, the personal data categories, and a purpose of use has been provided and accepted. The collection and use of the receipt demonstrates a standardised privacy information proof point for human awareness.

This dual record system provides an assurance, missing from the digital service context, to the service that the person is at least aware of the notice and of the personal data processing.

The explicit confirmation of a Notice, in addition to an explicit opt-in to a purpose of use, provides a missing proof of human awareness in addition to an explicit consent record.

This is a missing data point for transparency: a human awareness factor that is not commonly captured in digital service delivery (referred to as Two Factor Transparency for Consent, 2FC). It is required for compliance with PIPEDA meaningful consent requirements, in which an explicit risk notification is required in addition to the Notice and Consent, and it is a compliance function this specification provides.

An explicit consent notice receipt must include a purpose along with a set of expectations (often defined legal notice requirements) for the use and treatment of personal data, specific to that context, in order to have integrity. The purpose specification, and any additional purpose not in context, requires an additional notification to capture an explicit record of awareness as well as consent for this separate purpose.
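As an added illustration that is not part of this specification (field names such as controller_id, notice_acknowledged and opt_in are assumed for the example, not the MVCR or 27560 schema), the following Python checks a JSON receipt for the elements described above: the controller identity and contact, the notice link and legal justification, each purpose with its personal data categories, both factors of two factor transparency (notice acknowledgment and explicit opt-in), and a consent for a purpose the notice never presented, which needs its own notification and is rejected. It also computes a canonical digest so later edits to the record are detectable.

```python
import hashlib
import json

# Assumed field names for this illustration; not the MVCR / ISO 27560 schema.
REQUIRED_NOTICE_FIELDS = ("controller_id", "contact", "legal_justification", "notice_uri")

def validate_receipt(receipt):
    """Return a list of problems; an empty list means the receipt is coherent."""
    problems = []
    notice = receipt.get("notice", {})
    for field in REQUIRED_NOTICE_FIELDS:
        if not notice.get(field):
            problems.append(f"notice missing {field}")
    if not receipt.get("timestamp"):
        problems.append("receipt missing timestamp (context)")
    # First factor: proof of awareness, i.e. the notice itself was acknowledged.
    if not receipt.get("notice_acknowledged"):
        problems.append("no proof of awareness: notice not acknowledged")
    noticed = {p["id"] for p in notice.get("purposes", [])}
    for consent in receipt.get("consents", []):
        pid = consent.get("purpose_id", "?")
        # A purpose outside the notice needs its own notification; reject it here.
        if pid not in noticed:
            problems.append(f"purpose {pid} consented but never noticed")
        # Second factor: an explicit opt-in to the purpose of use.
        if not consent.get("opt_in"):
            problems.append(f"purpose {pid} lacks explicit opt-in")
        if not consent.get("personal_data_categories"):
            problems.append(f"purpose {pid} lists no personal data categories")
    return problems

def receipt_digest(receipt):
    """SHA-256 over canonical JSON; integrity only, a signature over it is needed for non-repudiation."""
    canonical = json.dumps(receipt, sort_keys=True, separators=(",", ":")).encode()
    return hashlib.sha256(canonical).hexdigest()

SAMPLE_RECEIPT = {  # constructed sample, not a real receipt
    "timestamp": "2021-03-01T10:15:00Z",
    "notice_acknowledged": True,
    "notice": {
        "controller_id": "example-controller",
        "contact": "privacy@example.com",
        "legal_justification": "explicit consent",
        "notice_uri": "https://example.com/notice/v3",
        "purposes": [{"id": "newsletter"}],
    },
    "consents": [{"purpose_id": "newsletter", "opt_in": True,
                  "personal_data_categories": ["email address"]}],
}
```

Run validate_receipt(SAMPLE_RECEIPT) to get an empty problem list; a receipt that consents to an un-noticed purpose or lacks the opt-in returns a problem per missing factor.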